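/*
 * Copyright 2016 Anyware Services
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ametys.runtime.plugins.admin.rights;

import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.lang3.StringUtils;

import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.RightsExtensionPoint;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.UserManager;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.plugin.component.PluginAware;

/**
 * Grant all rights to users from the admin population on the admin context.
 * <p>
 * Every decision made here depends only on the population the user belongs to
 * ({@link UserPopulationDAO#ADMIN_POPULATION_ID}): the {@code object} argument of the
 * permission methods is never inspected, only {@link #isSupported(Object)} looks at it.
 * NOTE(review): this presumably relies on the caller checking {@code isSupported(object)}
 * before asking for a permission — verify against the rights manager.
 * Anonymous users, "any connected user" rules and groups never get a decision from this
 * controller ({@code UNKNOWN}, {@code false} or an empty map).
 */
public class AdminAccessController implements AccessController, Serviceable, PluginAware
{
    /** The right context for administration area */
    public static final String ADMIN_RIGHT_CONTEXT = "/admin";
    /** The rights extension point */
    protected RightsExtensionPoint _rightsExtensionPoint;
    /** The user manager */
    protected UserManager _userManager;
    /** The component id, set by {@link #setPluginInfo(String, String, String)} */
    private String _id;

    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        _rightsExtensionPoint = (RightsExtensionPoint) manager.lookup(RightsExtensionPoint.ROLE);
        _userManager = (UserManager) manager.lookup(UserManager.ROLE);
    }

    @Override
    public void setPluginInfo(String pluginName, String featureName, String id)
    {
        _id = id;
    }

    /**
     * Tells whether the user belongs to the admin population.
     * @param user the user, may be null
     * @return true if {@code user} is non-null and its population id is
     *         {@link UserPopulationDAO#ADMIN_POPULATION_ID}
     */
    private static boolean _isAdminUser(UserIdentity user)
    {
        // StringUtils.equals is null-safe on the population id
        return user != null && StringUtils.equals(user.getPopulationId(), UserPopulationDAO.ADMIN_POPULATION_ID);
    }

    /**
     * Grants any right to admin-population users; leaves the decision to other controllers otherwise.
     * @param user the user, may be null
     * @param userGroups the user's groups (ignored)
     * @param rightId the right (ignored: admin users get every right)
     * @param object the context (ignored, see {@link #isSupported(Object)})
     * @return {@code USER_ALLOWED} for admin-population users, {@code UNKNOWN} otherwise
     */
    @Override
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        return _isAdminUser(user) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
    }

    /**
     * Read access follows the same rule as any other right.
     * @param user the user, may be null
     * @param userGroups the user's groups (ignored)
     * @param object the context (ignored)
     * @return same as {@link #getPermission(UserIdentity, Set, String, Object)} with a null right id
     */
    @Override
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return getPermission(user, userGroups, null, object);
    }

    /**
     * Lists every declared right as allowed for admin-population users.
     * @param user the user, may be null
     * @param userGroups the user's groups (ignored)
     * @param object the context (ignored)
     * @return every id of {@link RightsExtensionPoint} mapped to {@code USER_ALLOWED} for admin users,
     *         an empty map otherwise
     */
    @Override
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        if (!_isAdminUser(user))
        {
            // typed empty map instead of the raw Collections.EMPTY_MAP
            return Collections.emptyMap();
        }
        return _rightsExtensionPoint.getExtensionsIds().stream()
                .collect(Collectors.toMap(rightId -> rightId, rightId -> AccessResult.USER_ALLOWED));
    }

    /** Anonymous users are never decided on here. */
    @Override
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /** Anonymous users are never decided on here. */
    @Override
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /** "Any connected user" rules are never decided on here. */
    @Override
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /** "Any connected user" rules are never decided on here. */
    @Override
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Lists every user of the admin population as allowed.
     * @param rightId the right (ignored)
     * @param object the context (ignored)
     * @return the identity of each user returned by {@link UserManager#getUsers} for the admin
     *         population, mapped to {@code USER_ALLOWED}
     */
    @Override
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return _userManager.getUsers(UserPopulationDAO.ADMIN_POPULATION_ID).stream()
                .collect(Collectors.toMap(user -> user.getIdentity(), user -> AccessResult.USER_ALLOWED));
    }

    /**
     * Read access by user follows the same rule as any other right.
     * @param object the context (ignored)
     * @return same as {@link #getPermissionByUser(String, Object)} with a null right id
     */
    @Override
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return getPermissionByUser(null, object);
    }

    /** Groups never get a decision here. */
    @Override
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return Collections.emptyMap();
    }

    /** Groups never get a decision here. */
    @Override
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * Read access on a workspace follows the same rule as any other right.
     * @param workspacesContexts the workspace contexts
     * @param user the user, may be null
     * @param userGroups the user's groups (ignored)
     * @return same as {@link #hasUserAnyPermissionOnWorkspace(Set, UserIdentity, Set, String)} with a null right id
     */
    @Override
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null);
    }

    /**
     * Admin-population users have every right on the admin workspace.
     * @param workspacesContexts the workspace contexts, may be null
     * @param user the user, may be null (a null user is denied rather than throwing, consistent with
     *        {@link #getPermission(UserIdentity, Set, String, Object)})
     * @param userGroups the user's groups (ignored)
     * @param rightId the right (ignored)
     * @return true only if the contexts contain exactly {@link #ADMIN_RIGHT_CONTEXT} and the user
     *         belongs to the admin population
     */
    @Override
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return workspacesContexts != null
                && workspacesContexts.contains(ADMIN_RIGHT_CONTEXT)
                && _isAdminUser(user);
    }

    /** Anonymous users have no workspace access from this controller. */
    @Override
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /** Anonymous users have no workspace access from this controller. */
    @Override
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /** "Any connected user" rules give no workspace access from this controller. */
    @Override
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /** "Any connected user" rules give no workspace access from this controller. */
    @Override
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * Supports the admin context and its sub-contexts only.
     * @param object the context
     * @return true if {@code object} is the string {@link #ADMIN_RIGHT_CONTEXT} or starts with
     *         {@code ADMIN_RIGHT_CONTEXT + "/"}; any other object (non-string, null, or a sibling
     *         context that merely shares the "/admin" prefix) is not supported
     */
    @Override
    public boolean isSupported(Object object)
    {
        if (!(object instanceof String))
        {
            return false;
        }
        String context = (String) object;
        // The '/' separator is what keeps e.g. "/admin-like" siblings out of this controller's scope.
        return ADMIN_RIGHT_CONTEXT.equals(context) || context.startsWith(ADMIN_RIGHT_CONTEXT + '/');
    }

    /**
     * Not implemented: this controller only grants access in the admin workspace, so it is
     * deliberately left out of permission explanations.
     * @param identity the user
     * @param groups the user's groups
     * @return an empty map
     */
    @Override
    public Map<ExplanationObject, Map<Permission, AccessExplanation>> explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups)
    {
        // Only grant access in the admin workspace.
        // Always ignore it to simplify
        return Map.of();
    }

    @Override
    public String getId()
    {
        return _id;
    }

    /**
     * @throws UnsupportedOperationException always, since {@link #explainAllPermissions} is not implemented
     */
    @Override
    public I18nizableText getObjectLabel(Object object)
    {
        throw new UnsupportedOperationException("explainAllPermissions is not implemented");
    }

    /**
     * @throws UnsupportedOperationException always, since {@link #explainAllPermissions} is not implemented
     */
    @Override
    public I18nizableText getObjectCategory(Object object)
    {
        throw new UnsupportedOperationException("explainAllPermissions is not implemented");
    }
}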